Third Party Product Security Engineer

  • Posted 16 hours ago

Job Description

Rockwell Automation is a global technology leader focused on helping the world's manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers who take pride in how the work we do changes the world for the better.

We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that's you we would love to have you join us!

Summary:

As a Third-Party Product Security Engineer, you will play a critical role in executing the Third-Party Risk & Compliance Management (TPRC) program, driving supply chain risk reduction, product security compliance, and secure qualification of third-party components within Rockwell Automation products. You will lead supplier security assessments with closed-loop remediation, support secure product qualification, and drive supplier development initiatives to strengthen supply chain security maturity and product quality.

This is a collaborative role requiring close engagement with Business Units, Product Security, and cross-functional teams. It also involves working with global suppliers to drive secure development practices, regulatory compliance (e.g., EU CRA, MR, NIS2), and continuous improvement across the supplier ecosystem. Are important to build partnerships and advance supply chain security maturity.

Your Responsibilities:

  • Lead evaluation, risk-based qualification, and onboarding of suppliers and partners, ensuring understanding of TPRC frameworks and product security requirements
  • Conduct supplier security assessments with closed-loop remediation tracking, improving and compliance with Secure Development Lifecycle (SDL) and regulatory requirements (e.g., EU CRA, NIS2)
  • Review supplier design controls and secure software development practices (verification & validation, risk management, configuration management, build/release governance) to ensure understanding of industry and product security standards
  • Partner with Business Units, Product Security, and cross-functional teams. Together, perform Threat Analysis & Risk Assessments (TARA), design-for-security reviews, and secure qualification of third-party software & firmware components.
  • Collaborate with internal teams and suppliers to drive enterprise-wide adoption of supply chain security requirements
  • Work with Sourcing and Legal teams to support Quality and Security Agreements, and strengthen supplier governance and purchasing controls
  • Lead investigation of security and quality issues, ensuring effective root cause analysis (RCA), CAPA execution, risk mitigation, and closure
  • Drive alignment with strategic suppliers on product security standards, processes, and compliance expectations
  • Ensure readiness and effective transition of suppliers from development to production across security, quality, and compliance requirements
  • Support post-market product security activities, including software anomalies, complaint handling, RCFA, and CAPA closure
  • Deliver training, workshops, and enablement sessions to internal teams and suppliers to drive consistent adoption of security and compliance practices
  • Maintain accountability for timely execution, ensuring you proactively manage and resolve risks and issues impacting product security.
  • Influence and collaborate across a global, matrixed organization to drive risk reduction and secure product outcomes
  • Ensure end-to-end alignment across the Secure Development Lifecycle (SDL) and supplier lifecycle
  • Prepare and present risk, quality, and compliance insights to leadership, including supplier performance, assessment outcomes, and remediation progress

The Essentials - You Will Have:

  • Bachelor's degree in Electrical/Electronics Engineering, Computer Science, or a related field
  • 5+ years of experience in Product Security, Cybersecurity, Software Engineering, Software QA, or Systems Engineering
  • 5+ years of experience conducting supplier security assessments, audits, and SDLC/SDL evaluations
  • Hands-on experience with Secure Development Lifecycle (SDL) and frameworks such as NIST SSDF (800-218), IEC 62443-4-1/4-2, or equivalent
  • Strong experience in risk-based assessments, remediation tracking, and program governance
  • Experience supporting regulatory compliance (e.g., EU CRA, NIS2, ISO 27001)
  • Proven ability to influence and drive outcomes across a global, matrixed environment

The Preferred - You Might Also Have:

  • Certification in Lean / Six Sigma (Green Belt / Black Belt)
  • Experience with Agile methodologies (Scrum, SAFe, Lean)
  • Experience in Third-Party Risk Management (TPRM) and supplier/OEM ecosystems
  • Familiarity with software/firmware product qualification and security/compliance tools (e.g., Jira, OneTrust, GRC platforms)
  • Exposure to regulatory frameworks such as EU CRA, NIS2, or similar global compliance standards

What We Offer:

Our benefits package includes …

  • Comprehensive mindfulness programs with a premium membership to Calm
  • Volunteer Paid Time off available after 6 months of employment for eligible employees
  • Company volunteer and donation matching program - Your volunteer hours or personal cash donations to an eligible charity can be matched with a charitable donation.
  • Employee Assistance Program
  • Personalized wellbeing programs through our OnTrack program
  • On-demand digital course library for professional development

... and other local benefits!

Under Rockwell Automation's hybrid policy, employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.

More Info

Job ID: 148587693